X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=cirros-testvm%2Fsrc-cirros%2Fbuildroot-2015.05%2Fpackage%2Fbinutils%2F2.24%2F002-dont-segv-on-initial-instructions-overflow.patch;fp=cirros-testvm%2Fsrc-cirros%2Fbuildroot-2015.05%2Fpackage%2Fbinutils%2F2.24%2F002-dont-segv-on-initial-instructions-overflow.patch;h=78816469814f6e6ec55c98467602651fb9506983;hb=b0a0f15dfaa205161a7fcb20cf1b8cd4948c2ef3;hp=0000000000000000000000000000000000000000;hpb=c6ac3cd55ee2da956195eee393b0882105dfad4e;p=packages%2Ftrusty%2Fcirros-testvm.git diff --git a/cirros-testvm/src-cirros/buildroot-2015.05/package/binutils/2.24/002-dont-segv-on-initial-instructions-overflow.patch b/cirros-testvm/src-cirros/buildroot-2015.05/package/binutils/2.24/002-dont-segv-on-initial-instructions-overflow.patch new file mode 100644 index 0000000..7881646 --- /dev/null +++ b/cirros-testvm/src-cirros/buildroot-2015.05/package/binutils/2.24/002-dont-segv-on-initial-instructions-overflow.patch @@ -0,0 +1,66 @@ +From: Alan Modra +Date: Fri, 20 Dec 2013 13:27:52 +0000 (+1030) +Subject: Don't segv on cie.initial_instructions[] overflow. +X-Git-Tag: gdb-7.7-release~148 +X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff_plain;h=99d190fac4d2aab238cfc798dc5c28ab41456882 + +Don't segv on cie.initial_instructions[] overflow. + +Don't attempt to merge CIEs with a larger number of insns than will +fit in the buffer. + + * elf-eh-frame.c (cie_eq): Return false when initial_insn_length + is too large. + (cie_compute_hash): Don't exceed bounds of initial_instructions. + (_bfd_elf_parse_eh_frame): Always set initial_insn_length, and + save as much of insns to initial_instructions[] as will fit. +--- + +diff --git a/bfd/elf-eh-frame.c b/bfd/elf-eh-frame.c +index 832a991..4b6e8ea 100644 +--- a/bfd/elf-eh-frame.c ++++ b/bfd/elf-eh-frame.c +@@ -235,6 +235,7 @@ cie_eq (const void *e1, const void *e2) + && c1->lsda_encoding == c2->lsda_encoding + && c1->fde_encoding == c2->fde_encoding + && c1->initial_insn_length == c2->initial_insn_length ++ && c1->initial_insn_length <= sizeof (c1->initial_instructions) + && memcmp (c1->initial_instructions, + c2->initial_instructions, + c1->initial_insn_length) == 0) +@@ -254,6 +255,7 @@ static hashval_t + cie_compute_hash (struct cie *c) + { + hashval_t h = 0; ++ size_t len; + h = iterative_hash_object (c->length, h); + h = iterative_hash_object (c->version, h); + h = iterative_hash (c->augmentation, strlen (c->augmentation) + 1, h); +@@ -267,7 +269,10 @@ cie_compute_hash (struct cie *c) + h = iterative_hash_object (c->lsda_encoding, h); + h = iterative_hash_object (c->fde_encoding, h); + h = iterative_hash_object (c->initial_insn_length, h); +- h = iterative_hash (c->initial_instructions, c->initial_insn_length, h); ++ len = c->initial_insn_length; ++ if (len > sizeof (c->initial_instructions)) ++ len = sizeof (c->initial_instructions); ++ h = iterative_hash (c->initial_instructions, len, h); + c->hash = h; + return h; + } +@@ -762,11 +767,10 @@ _bfd_elf_parse_eh_frame (bfd *abfd, struct bfd_link_info *info, + cie->fde_encoding = DW_EH_PE_absptr; + + initial_insn_length = end - buf; +- if (initial_insn_length <= sizeof (cie->initial_instructions)) +- { +- cie->initial_insn_length = initial_insn_length; +- memcpy (cie->initial_instructions, buf, initial_insn_length); +- } ++ cie->initial_insn_length = initial_insn_length; ++ memcpy (cie->initial_instructions, buf, ++ initial_insn_length <= sizeof (cie->initial_instructions) ++ ? initial_insn_length : sizeof (cie->initial_instructions)); + insns = buf; + buf += initial_insn_length; + ENSURE_NO_RELOCS (buf);